Semi-automated, largely passive web application security audit tool,
optimized for an accurate and sensitive detection, and automatic
annotation, of potential problems and security-relevant design patterns
based on the observation of existing, user-initiated traffic in complex
web 2.0 environments.

Detects and prioritizes broad classes of security problems, such as
dynamic cross-site trust model considerations, script inclusion issues,
content serving problems, insufficient XSRF and XSS defenses, and much
more.
